ASP.NET Core Response Compression: Enterprise Decision Guide (2026)
Response compression is one of those optimisations that looks straightforward on paper. Enable the middleware, pick an algorithm, done. In practice, teams frequently apply it in the wrong place, compress the wrong content types, or introduce CPU overhead that slows down the very endpoints they were trying to improve.
π Want production-ready .NET code samples and exclusive tutorials? Join Coding Droplets on Patreon for premium content delivered every week. π Join CodingDroplets on Patreon
This guide covers the decision your team needs to make before touching compression in your ASP.NET Core API β where to apply it, when to skip it, and which mistakes consistently appear in production systems.
How ASP.NET Core Response Compression Works
ASP.NET Core includes a built-in response compression middleware that sits in the request pipeline. When a client sends a request with an Accept-Encoding header (declaring that it can handle compressed responses), the middleware compresses the response body before sending it and sets the Content-Encoding header accordingly.
The middleware supports two algorithms out of the box β Gzip and Brotli β and you can implement custom providers for others. By default, it applies to MIME types commonly associated with text content: text/plain, text/css, text/html, text/javascript, application/json, application/xml, and related types. Binary content like images, audio, and video is excluded because those formats are already compressed.
Configuration is straightforward β you register the services, configure which providers to use and in what priority order, and add UseResponseCompression() to the pipeline.
Gzip vs Brotli
Both algorithms reduce payload size. They differ in compression ratio, CPU cost, and browser support.
Gzip
Supported by every HTTP client and browser for over two decades
Moderate compression ratio β typically 60β80% reduction on JSON responses
Low CPU overhead β fast to compress and decompress
The safe default for APIs consumed by a broad range of clients
Brotli
Developed by Google and supported in all modern browsers (Chrome, Firefox, Safari, Edge) and most HTTP clients
Better compression ratio than Gzip β typically 10β25% smaller than equivalent Gzip output
Higher CPU cost, particularly at higher compression levels
Designed primarily for static assets and text content
Not supported over plain HTTP β only HTTPS connections
Which to use
Register Brotli first in the provider list and Gzip as the fallback. ASP.NET Core will negotiate with the client β if the client supports Brotli, it gets Brotli; otherwise it falls back to Gzip. Clients that support neither receive uncompressed responses. This gives you the best compression for modern clients without breaking older ones.
One important constraint: Brotli at its default quality setting (level 4) is noticeably slower to compress than Gzip at its default. For real-time API responses, use a lower Brotli quality level (1β3) to keep compression latency acceptable. The size savings are smaller but still better than Gzip.
The Reverse Proxy Question
This is the most important decision, and it is the one most teams skip.
If your ASP.NET Core application sits behind a reverse proxy β nginx, Cloudflare, Azure Front Door, AWS CloudFront, or an API gateway β you almost certainly should not be using the ASP.NET Core compression middleware. The reverse proxy should handle compression instead.
Why the reverse proxy is better positioned for this
The reverse proxy has full visibility into the connection between the client and the edge. It can cache compressed responses and serve them to multiple clients without re-compressing. It offloads CPU work from your application servers. It handles the Vary: Accept-Encoding cache header correctly for CDN compatibility. nginx's ngx_http_gzip_module, for example, is implemented in native C and is significantly more efficient than managed .NET compression at high throughput.
When the middleware makes sense
Your API communicates directly with clients without a proxy layer. You are running in a controlled environment where you know exactly what clients connect and their encoding support. You have internal service-to-service APIs on a private network where bandwidth is genuinely constrained. You need to compress specific response types that your reverse proxy does not compress by default.
If you are deploying to a cloud environment with a CDN or API gateway in front of your API, configure compression at that layer and remove the middleware from your application entirely.
CPU-Bound APIs β The Hidden Risk
Response compression is not free. Every response the middleware compresses requires CPU cycles to process. For most APIs this cost is negligible. For CPU-bound APIs it is not.
Consider what happens when your API is already under CPU pressure β complex query aggregations, heavy computation, PDF generation, image processing. Adding compression to that workload means compressing responses on threads that are already busy. Under high load, compression can increase latency and reduce throughput rather than improving the client experience.
The trade-off to evaluate:
Bandwidth-bound scenarios β API responses are large, the network is the bottleneck, and the servers have spare CPU capacity. Compression wins.
CPU-bound scenarios β servers are already working hard to generate responses. Compression adds latency and reduces capacity. Skip it or move it to the reverse proxy.
Latency-sensitive endpoints β for endpoints where response time is critical (under 50ms targets), profile the compression overhead before enabling it. At low Brotli quality levels the overhead is minimal, but it is not zero.
The most reliable approach: measure before enabling. A load test with and without compression on your specific API workload is more useful than any general guidance.
Decision Framework
Enable middleware compression when:
Your API is deployed without a reverse proxy or CDN. Your responses are large text or JSON payloads (above 1KB β compressing small responses often produces larger output than the original). Your servers have spare CPU capacity during peak load. Your clients are diverse and you cannot guarantee proxy-level compression reaches them all.
Skip middleware compression (use proxy/CDN instead) when:
Your API sits behind nginx, Cloudflare, Azure Front Door, or any major CDN or API gateway. You are on a cloud platform that handles compression at the edge. You have a CPU-intensive workload where the additional compression overhead is measurable under load.
Exclude from compression regardless:
Binary content β images, audio, video, PDFs. Already-compressed formats β zip files, gzip streams. Endpoints returning very small responses (under 500 bytes) where the compression headers exceed the savings. Streaming responses where buffering the entire payload for compression defeats the purpose of streaming.
Profile before enabling in production:
Any API handling more than a few hundred requests per second. Any API with response generation times already above 100ms. Any API where latency SLAs are tight.
Anti-Patterns
Compressing everything without size thresholds
The default middleware compresses responses regardless of size. A 50-byte JSON response with compression headers can be larger than the original. Set a minimum response size threshold β responses below 1KB rarely benefit from compression.
Applying middleware behind a proxy that already compresses
This doubles the CPU cost β the application server compresses, then the proxy decompresses and recompresses. Worse, some proxies will refuse to compress an already-compressed response, so clients end up with uncompressed payloads despite the middleware being active. Remove the middleware when a proxy is in the picture.
Using high Brotli quality levels on dynamic responses
Brotli at quality level 11 (maximum) produces excellent compression ratios but is dramatically slower than Gzip for dynamic content. It is appropriate for static assets that are compressed once and cached. For real-time API responses it introduces unacceptable latency. Use quality levels 1β3 for dynamic content if you use Brotli at all.
Compressing responses that set Cache-Control: no-store
If a response cannot be cached, compressing it saves no long-term bandwidth β it is re-compressed on every request. The CPU cost is paid every time with no repeat benefit.
Ignoring the Vary: Accept-Encoding header
When you serve both compressed and uncompressed versions of a response, CDNs and proxies need the Vary: Accept-Encoding header to cache both versions correctly. Without it, one version gets cached and served to all clients regardless of their encoding support. ASP.NET Core's middleware sets this header automatically β verify that your proxy does not strip it.
Key Takeaways
Response compression in ASP.NET Core is a deliberate decision, not a default setting to enable for all APIs.
If you are behind a reverse proxy or CDN, configure compression there. The infrastructure layer is purpose-built for this and will do it more efficiently than application-level middleware.
If you are compressing at the application level, register Brotli first with a low quality level and Gzip as the fallback, set a minimum response size threshold, and exclude binary content and small payloads.
Before enabling compression on a production API, run a load test with and without it. The results for your specific workload are more reliable than any rule of thumb.
β Found this guide useful? Buy us a coffee β it keeps the content coming every week.
